this post was submitted on 23 Jun 2023
92 points (98.9% liked)

Lemmy

12575 readers
1 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

I have the application process enabled for people to join my instance, and I've gotten about 20 bots trying to join today when I had nobody trying to join for 5 days. I can tell because they are generic messages and I put a question in asking what 2+3 is and none of them have answered it at all, they just have a generic message.

Be careful out there, for all you small instance admins.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] IAccidentallyCame@lemmy.dbzer0.com 1 points 1 year ago (1 children)

Are Email addresses kept and logged anywhere, or are they discarded after registration?

For privacy reasons, it'd be nice if we could somehow have a reliable bot blocking/spam blocking method that doesn't require Email.

While Email adds a good layer of spam blocking just from the spam blocking the email providers are doing themselves, having an option to verify with Email OR jump through multiple hoops instead would be cool. Hoops that are difficult for a bot to be programmed to defeat all of them. Such as captcha, with a simple math equation, and something else all combined.

Just tossing ideas around, because this is all still being built out.

[โ€“] Demigodrick@lemmy.zip 2 points 1 year ago

Yeah they're kept in the database.

A sufficiently complex captcha might do it. I've seen something else that verifies you're not a bot based on PoW calculation, although I don't know how reliable that would be personally.

A split verification method might be a good way forwards for the privacy conscious instances.